1. Field of the Invention
The present invention relates to technology to authenticate a terminal and an application program that operates in the terminal, in a system having a terminal such as a cell phone and an authentication module such as an IC card.
2. Description of the Prior Art
Conventionally, in a system where the IC card is attached to the terminal to perform business transaction with a server, an application program (hereinafter, abbreviated as ‘application’) operating in the server has directly authenticated the IC card because a region having tamper-resistance cannot be secured in the terminal. Therefore, the terminal has only relayed communication between the server and the IC card.
On the other hand, it has been made possible in recent years for the server to download the application to a cell phone or the like to operate it in a portable terminal.
However, since there is a possibility that the application downloaded to the cell phone performs an invalid operation, an operation of the downloaded application is very much restricted.
For example, use of local resources is greatly restricted for the application downloaded to the cell phone, such that it cannot write data in the IC card attached to the cell phone and use of various kinds of interfaces is restricted (prohibited).
Further, the application downloaded to the cell phone is restricted to reading and writing of personal information such as a mail address recorded in a telephone book or an address book or contents of mails stored in a mail inbox, which is held by the cell phone or the IC card. This is because the relevant application is an authorized one, and verification, whether or not it has a right to access to the information held inside the cell phone, the IC card or the like, or whether or not it operates obliquely, cannot be performed.
This could be an extremely large disincentive to all-purpose use (versatility) of portable tools and applications to E-commerce (EC), which have promising futures.
To eliminate the restrictions, the downloaded application needs to be authenticated to confirm a feature of the application. For example, a signature that a third person has added to the application is downloaded along with the application, the signature and information necessary for verifying correctness of the signature are presented to the IC card, and thus authentication is performed. However, since the cell phone generates the information (a digest generated by a hash function, for example) necessary for determining the correctness of the signature after the cell phone has downloaded the application and the signature, there is a possibility that a dummy signature, which is different from the signature added to the downloaded application, and a digest, which has been manipulated such that verification can be performed by the signature, are presented to the IC card by the cell phone. For this reason, there exists a problem that the IC card cannot trust that the signature and the digest presented to the IC card are actually the ones of the downloaded application, and the IC card cannot perform authentication for the downloaded application.
Furthermore, to enable the application downloaded to the terminal such as a cell phone (hereinafter, abbreviated to a ‘terminal application’) to access to the IC card and to read and write the information stored in the IC card so as to be protected, it is required that a processing for authenticating the terminal application that accesses the IC card is similarly performed by the IC card to determine whether or not access may be permitted.
As processing where a secure device such as the IC card performs authentication for the terminal application that accesses the IC card, processing has conventionally been performed so that the secure device determines whether or not the terminal application has secret information similar to information held therein. However, the terminal does not have a region or a function such as a region having tamper-resistance for securely holding the secret information. For this reason, there exists a problem that the secret information may leak and the conventional method cannot eliminate the possibility that the terminal application uses the leaked information and thus the secure device cannot authenticate the terminal application closely.